TheTruthSpy Stalkerware Rakes in Millions by Using Counterfeit Passports and Legitimate Bank Accounts
An Elaborate Scheme: How TheTruthSpy Stalkerware Evaded Detection and Made Millions
In the heart of downtown Dallas, Texas, Benjamin, 44, and Dulce, 42, appear to be ordinary small business owners leading modest lives. However, behind the scenes, they are key players in a massive operation involving the sale of TheTruthSpy, a collection of Android surveillance apps known as "stalkerware." These apps, including Copy9 and MxSpy, have compromised the phones of hundreds of thousands of people worldwide.
What sets Benjamin and Dulce apart is that they don't actually exist in the real world. They are among a group of fictitious identities, strategically designed to sell the spyware and conceal the true developers, a Vietnam-based startup called 1Byte.
The popularity of TheTruthSpy presented new challenges as PayPal transactions brought in tens of thousands of dollars each month. To avoid legal and reputational risks, 1Byte devised an intricate network of fake American identities complete with forged passports. This allowed the startup to maintain anonymity while raking in over $2 million in customer payments since 2016. In case of any discovery or shutdown, the blame would fall on these fictitious sellers, residing at non-existent addresses.
The spyware operation managed to exploit weaknesses in tech and financial systems designed to prevent fraud. Their fake identities with falsified documents made it difficult for anyone to detect the scam.
Initially relying on PayPal for payments, 1Byte faced limitations due to the platform's scrutiny. They had to maintain numerous PayPal accounts and offer year-long subscriptions to customers to avoid disputes and PayPal's attention. But as demand grew, they needed a way to process credit cards on a larger scale.
Selling spyware is risky business, and credit card processors are cautious about facilitating such transactions due to potential liabilities. To further distance themselves from the operation, 1Byte created a fictional American persona named John, who was instrumental in seeking alternative payment methods, including credit card payments.
Despite the elaborate scheme, the leaked data and documents brought to light the inner workings of TheTruthSpy and 1Byte's global surveillance ring, shedding new light on the extent of their fraudulent activities and the lengths they went to evade detection.